Sha256: a779880ee4c56a7d98d79b1005d380fcb48b5e3e4275b4ffe9902c813ab64401

Contents?: true

Size: 417 Bytes

Versions: 5

Compression:

Stored size: 417 Bytes

Contents

---
gem: administrate
cve: 2016-3098
title: Cross-site request forgery (CSRF) vulnerability in administrate gem
date: 2016-04-01
url: http://seclists.org/oss-sec/2016/q2/0

description: >-
  `Administrate::ApplicationController` actions didn't have CSRF
  protection. Remote attackers can hijack user's sessions and use any
  functionality that administrate exposes on their behalf.

patched_versions:
  - ">= 0.1.5"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/administrate/CVE-2016-3098.yml